ALERT! ‘FREAK’ Security Flaw ALERT!

Published On March 8, 2015 | By Tom Huskerson | Alerts, News and Analysis

Technology security experts are warning computer and mobile device owners of a major new SSL (Secure Sockets Layer) vulnerability. This old but recently discovered flaw could allow hackers to perform a man-in-the-middle attack on Android and Apple devices. Microsoft is also warning its customers that ALL Windows operating systems are at risk from the vulnerability known as Freak, for “Factoring RSA-EXPORT Keys.”

SSL is the standard security technology for establishing an encrypted link between a web server and a web browser.  A man-in-the-middle attack is the technological equivalent of a pass intercepted in a football game. Simply put, the link between your computer and your bank’s server or the server of an online merchant is intercepted.

The SSL link makes certain that all data transmitted between you and your bank remains totally secret. The Freak security flaw makes it possible for a hacker to force encryption software to downgrade from stronger encryption to weaker, easily breakable encryption. This flaw potentially affects millions of websites and even more computers and mobile devices.

There is history behind the Freak flaw that dates back more than two decades to the 1990’s. U.S. companies were required by the government to deliberately weaken the strength of encryption keys they shipped outside the U.S. The law allowed a maximum encryption key length of 512 bits. Computers today make child’s play of this encryption. According to noted cryptographer Matthew Green, of Johns Hopkins University, the U.S. government demanded this so the NSA could access foreign communications, all the while making it look like the U.S. was helping to provide adequate encryption for everyone.

The following software and platforms are affected by the Freak security flaw.

Browsers;

Companies and people using Windows Server 2003 or XP need to be especially alert. Windows XP is no longer being supported without a special contract and Windows Server 2003 support life ends in July. Microsoft may issue a patch for this problem but they make no promises. If you are using these outdated operating systems you need to upgrade…now!

(Source: https://freakattack.com/)

To check if your browser is vulnerable, use the FREAK Client Test Tool.

You can also find a list of vulnerable websites at freakattack.com.

Breaking It Down

Here is another, more serious problem you need to be aware of. Ninety percent of ATMs in the U.S. are running on Windows XP. Microsoft is no longer supporting the XP OS without a special contract. And as you have read, it is vulnerable to Freak.

Black consumers need to be alert to this fact because no one knows which banks have upgraded their ATMs or secured the needed support from Microsoft. Because of the Freak vulnerability you need to get with your bank and ask, directly, whether they have Microsoft support or have upgraded their ATMs. You need to know this because your bank may be vulnerable. The last thing you need is to discover none of your bank’s ATMs are working and the bank doors are locked because they failed to upgrade their security and got hacked. It could happen. And you know black people don’t play when it comes to money!

 




			


About The Author

Tom Huskerson Bio

Born in Richmond, Virginia, Tom Huskerson is a military veteran who settled in California after his discharge. Tom attended Santa Barbara City College where he began his writing career as a campus reporter. He worked as an intern news reporter for the Santa Barbara News-Press writing feature stories before moving on to San Francisco. At San Francisco State University Tom studied broadcast communications and began to focus on the Internet. He completed his graduate thesis on Internet advertising. Tom was the first student to ever focus on the Internet as a graduate student at San Francisco State University. After graduation he went to work for Zona Research in California’s Silicon Valley. As a research associate Tom supported senior analysts writing on the latest developments in the Internet industry. During the dot com boom Tom worked for several web businesses as a market researcher and analyst. As a writer and researcher Tom has authored various technical works including a training program for Charles Schwab security. Other projects included professional presentations on workplace violence and hiring security contractors. Tom has also written both fiction and non-fiction works and blogged for a travel website. He has published two books of short stories and completed two novels. Tom is the owner of Scribe of Life Literature and EbonyCandle.com. Tom is now the chief editor for OnTechStreet.com, a news and information blog that focuses on tech news for African-Americans. The blog is the result of his desire to inform the African American community of the dangers and benefits of the cyber age. In his blog Tom reports on information security, news and analysis, scams and hoaxes, legal happenings and various topics that arise from the age of information. Tom believes that technology is a necessary tool for black people and they should know what is happening.
Tom writes believing that techno speak is for the professional and that valuable information can be communicated using plain language. As a result he has embraced the motto, Less Tech, More Knowledge.
